Risky Business #666 -- The msdt RTF of DOOM
Risky Business
English - May 31, 2022 - 47.7 MB
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including:
The msdt/office lolbinapalooza
Microsoft to introduce sensible defaults to Azure
Twitter fined $150m for using phone numbers collected for SMS 2FA in ad targeting
It turns out npm got owned in that Heroku/Travis CI stolen-OAuth-token thing
AWS cred-stealing supply chain attack was research your honour, I swear!
Much, much more
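The msdt/Office item above refers to the maldoc technique in the show notes: a Word document whose relationships file points at an external HTML resource, which in turn invokes the ms-msdt: URI scheme. The following scanner is an added triage example, not code from the show or from any of the linked authors. It unpacks a .docx (a zip), lists relationships with TargetMode="External", and separately checks fetched HTML for the ms-msdt: scheme. The sample document and HTML are constructed inline for the example; the hostname example.invalid and the file names are placeholders, not indicators from the original reporting.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
RELS_PATH = "word/_rels/document.xml.rels"

# Constructed sample relationships part: one normal internal relationship and
# one external oleObject relationship pointing at a remote HTML resource.
# The trailing "!" on the Target is a pattern seen in external oleObject
# targets and is kept here so the scanner does not choke on it.
SAMPLE_RELS = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="http://example.invalid/payload.html!" TargetMode="External"/>
</Relationships>"""

# Constructed sample HTML: only the scheme marker matters to the check below;
# this is not a working payload.
SAMPLE_HTML = '<html><script>window.location.href = "ms-msdt:/id PCWDiagnostic";</script></html>'

# Matches the scheme in any case, with optional URL-encoding of the colon.
MSDT_RE = re.compile(r"ms-msdt(?::|%3a)", re.IGNORECASE)


def build_sample_docx() -> bytes:
    """Build a minimal zip that looks enough like a .docx for the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr(RELS_PATH, SAMPLE_RELS)
    return buf.getvalue()


def external_relationships(docx_bytes: bytes) -> list:
    """Return every relationship in document.xml.rels with TargetMode=External.

    Each entry is a dict with the relationship Id, the short relationship
    type (last path segment of the Type URI) and the raw Target.
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if RELS_PATH not in z.namelist():
            return []
        root = ET.fromstring(z.read(RELS_PATH))
    found = []
    for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
        if rel.get("TargetMode") != "External":
            continue
        rel_type = (rel.get("Type") or "").rsplit("/", 1)[-1]
        found.append({"id": rel.get("Id"), "type": rel_type, "target": rel.get("Target")})
    return found


def html_uses_msdt(html: str) -> bool:
    """True if the HTML contains the ms-msdt: URI scheme anywhere."""
    return MSDT_RE.search(html) is not None


def triage(docx_bytes: bytes, fetched_html: dict) -> list:
    """Combine both checks.

    fetched_html maps a relationship Target to the HTML body retrieved for it
    (retrieval is left to the caller so this runs offline). Returns a list of
    human-readable findings; an empty list means nothing suspicious was seen.
    """
    findings = []
    for rel in external_relationships(docx_bytes):
        findings.append(f"external {rel['type']} relationship {rel['id']} -> {rel['target']}")
        body = fetched_html.get(rel["target"])
        if body is not None and html_uses_msdt(body):
            findings.append(f"{rel['target']} contains ms-msdt: URI")
    return findings


if __name__ == "__main__":
    doc = build_sample_docx()
    for line in triage(doc, {"http://example.invalid/payload.html!": SAMPLE_HTML}):
        print(line)
```

External oleObject relationships are not malicious on their own, so the first check is a prompt to look at the target, and the second check only fires once the HTML has been retrieved in a sandbox. Anything that scans on a Windows host should also avoid parsing the fetched HTML with Invoke-WebRequest, for the reason Kevin Beaumont describes in the show notes.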
We’ll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week’s sponsor interview. He’ll be walking us through some of his own research into how to own Microsoft boxes via document-embedded Office add-ins.
Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.
Show notes
nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter
Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar
Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don’t control and the webpage adds the Follina exploit string, your server then runs the code." / Twitter
Microsoft Office Remote Code Execution - “Follina” MSDT Attack
Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community
npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog
Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future
REvil prosecutions reach a 'dead end,' Russian media reports
Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future
Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters
Russian companies have begun firing Ukrainian IT specialists - РБК (RBC)
Hacker Leaks Mountain of Files From Inside Xinjiang Camps
Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel
No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post
Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews
756.pdf
Security ‘researcher’ hits back against claims of malicious CTX file uploads | The Daily Swig
Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters
Hacker Steals Database of Hundreds of Verizon Employees
GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter
Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter
Darknet market Versus shuts down after hacker leaks security flaw
Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica
Red Canary Managed Detection and Response - YouTube
Airlock Digital Demo - YouTube